Posted today
Secret
Mid Level Career (5+ yrs experience)
Unspecified
Aerospace and Aviation
Huntsville, AL (On-Site/Office)
Position: ISSO
Location: Huntsville, AL (On-site 4 days/week)
Length: 12+ Month Contract
*Clearance: Candidates must possess active secret clearance
*Hybrid Schedule: Onsite 4 days/week with one day remote in Huntsville, AL
Job Description:
Develops and maintains an IS security program and policies for an assigned area of responsibility. Develops and oversees operational IS security implementation policy and guidelines. Monitors all available resources that provide warnings of system vulnerabilities or ongoing attacks. Monitors system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Responsible for security assessments, tests, and reviews; ensuring proper measures are taken when an IS incident or vulnerability affecting classified systems or information is discovered. Ensures the application of configuration management policies and procedures for authorizing the use of hardware/software are followed. Ensures systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the SSP. Develops and updates the SSP, manages and controls changes to the system, and assesses the security impact of those changes. Ensures user activity monitoring data is analyzed, stored, and protected in accordance with the ITPSO policies and procedures. Develops and maintains POA&Ms in order to identify IS weaknesses, resources and timelines for corrective actions, and mitigate actions. Ensures all users have the requisite security clearances and authorization and are aware of their security responsibilities.
Essential Duties and Responsibilities:
• Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements)
• Work with the ISSM on compliance activities including RMF Accreditation of several complex information systems
• Assist in the security configuration and management of collateral classified systems and networks in a variety of traditional and virtual environments including Linux, Unix, Sun, Mac, and Windows
• Confirm that plans of actions and milestones (POA&M) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Utilizing previous RMF experience, recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
• Act as primary author on the development and maintenance of System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy
• Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures
• Collect, analyze, and store system audit records
• Conduct network, system, and application vulnerability scanning, configuration assessment, and remediation
• Prepare for and participate in periodic organization compliance assessments
• Ensure account management documentation is complete and updated
• Maintain configuration management documentation (change tracking, maintenance logs, etc.)
Qualifications:
• Demonstrated understanding of the following security frameworks is required:
o NIST 800-53 / Risk Management Framework (RMF)
o Joint SAP Implementation Guide (JSIG)
o Intelligence Community Directive (ICD) 503
o National Industrial Security Program Operating Manual (NISPOM) Chapter 8
o DoD Manual 5205.07 Volumes 1- 4
o Assessment and Authorization Manual (DAAPM)
• BS degree in Information Security, Computer Science, Cybersecurity, Information Technology, Computer Information Systems, or related discipline is required.
• Technical experience, skills, and course work completed towards an Undergraduate Degree, or industry IT certifications may be considered in lieu of education or DoD security experience requirements
• Demonstrated experience with vulnerability scanning and auditing tools and processes is required
• Experience and familiarity with multiple operating systems such as Windows Server 2012, 2016 and 2019, Windows 7 and 10, Red Hat Enterprise Linux, Ubuntu, Mac, etc.
• 5 years System Auditing Experience
• 5 years Regulatory and Compliance Experience
Desired:
• A minimum of 5 years of IT security experience in DoD Information Security is preferred
• Technical experience securing networks and systems utilizing DISA STIGs and/or SRGs is highly desired
• Experience with virtualization and Cloud technologies is preferred
POST-OFFER BACKGROUND CHECK IS REQUIRED. Digital Prospectors is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by law. Digital Prospectors affirms the right of all individuals to equal opportunity and prohibits any form of discrimination or harassment.
Come see why DPC has achieved:
• 4.9/5 Star Glassdoor rating and the only staffing company (< 1000 employees) to be voted in the national Top 10 ‘Employee’s Choice - Best Places to Work’ by Glassdoor.
• Voted ‘Best Staffing Firm to Temp/Contract For’ seven times by Staffing Industry Analysts as well as a ‘Best Company to Work For’ by Forbes, Fortune and Inc. magazine.
As you are applying, please join us in fostering diversity, equity, and inclusion by completing the Invitation to Self-Identify form today!
www.LoveYourJob.com
Location: Huntsville, AL (On-site 4 days/week)
Length: 12+ Month Contract
*Clearance: Candidates must possess active secret clearance
*Hybrid Schedule: Onsite 4 days/week with one day remote in Huntsville, AL
Job Description:
Develops and maintains an IS security program and policies for an assigned area of responsibility. Develops and oversees operational IS security implementation policy and guidelines. Monitors all available resources that provide warnings of system vulnerabilities or ongoing attacks. Monitors system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Responsible for security assessments, tests, and reviews; ensuring proper measures are taken when an IS incident or vulnerability affecting classified systems or information is discovered. Ensures the application of configuration management policies and procedures for authorizing the use of hardware/software are followed. Ensures systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the SSP. Develops and updates the SSP, manages and controls changes to the system, and assesses the security impact of those changes. Ensures user activity monitoring data is analyzed, stored, and protected in accordance with the ITPSO policies and procedures. Develops and maintains POA&Ms in order to identify IS weaknesses, resources and timelines for corrective actions, and mitigate actions. Ensures all users have the requisite security clearances and authorization and are aware of their security responsibilities.
Essential Duties and Responsibilities:
• Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements)
• Work with the ISSM on compliance activities including RMF Accreditation of several complex information systems
• Assist in the security configuration and management of collateral classified systems and networks in a variety of traditional and virtual environments including Linux, Unix, Sun, Mac, and Windows
• Confirm that plans of actions and milestones (POA&M) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Utilizing previous RMF experience, recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
• Act as primary author on the development and maintenance of System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy
• Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures
• Collect, analyze, and store system audit records
• Conduct network, system, and application vulnerability scanning, configuration assessment, and remediation
• Prepare for and participate in periodic organization compliance assessments
• Ensure account management documentation is complete and updated
• Maintain configuration management documentation (change tracking, maintenance logs, etc.)
Qualifications:
• Demonstrated understanding of the following security frameworks is required:
o NIST 800-53 / Risk Management Framework (RMF)
o Joint SAP Implementation Guide (JSIG)
o Intelligence Community Directive (ICD) 503
o National Industrial Security Program Operating Manual (NISPOM) Chapter 8
o DoD Manual 5205.07 Volumes 1- 4
o Assessment and Authorization Manual (DAAPM)
• BS degree in Information Security, Computer Science, Cybersecurity, Information Technology, Computer Information Systems, or related discipline is required.
• Technical experience, skills, and course work completed towards an Undergraduate Degree, or industry IT certifications may be considered in lieu of education or DoD security experience requirements
• Demonstrated experience with vulnerability scanning and auditing tools and processes is required
• Experience and familiarity with multiple operating systems such as Windows Server 2012, 2016 and 2019, Windows 7 and 10, Red Hat Enterprise Linux, Ubuntu, Mac, etc.
• 5 years System Auditing Experience
• 5 years Regulatory and Compliance Experience
Desired:
• A minimum of 5 years of IT security experience in DoD Information Security is preferred
• Technical experience securing networks and systems utilizing DISA STIGs and/or SRGs is highly desired
• Experience with virtualization and Cloud technologies is preferred
POST-OFFER BACKGROUND CHECK IS REQUIRED. Digital Prospectors is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by law. Digital Prospectors affirms the right of all individuals to equal opportunity and prohibits any form of discrimination or harassment.
Come see why DPC has achieved:
• 4.9/5 Star Glassdoor rating and the only staffing company (< 1000 employees) to be voted in the national Top 10 ‘Employee’s Choice - Best Places to Work’ by Glassdoor.
• Voted ‘Best Staffing Firm to Temp/Contract For’ seven times by Staffing Industry Analysts as well as a ‘Best Company to Work For’ by Forbes, Fortune and Inc. magazine.
As you are applying, please join us in fostering diversity, equity, and inclusion by completing the Invitation to Self-Identify form today!
www.LoveYourJob.com
group id: digipros
